The Certificate Manager tool (Certmgr.exe) is a command-line utility, whereas Certificates (Certmgr.msc) is a Microsoft Management Console (MMC) snap-in. Because Certmgr.msc is usually found in the Windows System directory, entering certmgr at the command line may load the Certificates MMC snap-in even if you have opened the Visual Studio Command Prompt. This occurs because the path to the snap-in precedes the path to the Certificate Manager tool in the PATH environment variable. If you encounter this problem, you can execute Certmgr.exe commands by specifying the path to the executable.

The input certificate store as the type StoreFile, or the type system store.

destinationStorename

The output certificate store or file.

Option

Description

/add

Adds certificates, CTLs, and CRLs to a certificate store.

/all

Adds all entries when used with /add. Deletes all entries when used with /del. Displays all entries when used without the /add or /delete options. The /all option cannot be used with /put.

/c

Adds certificates when used with /add. Deletes certificates when used with /del. Saves certificates when used with /put. Displays certificates when used without the /add, /delete, or /put options.

/CRL

Adds or deletes CRLs. Displays CRLs when used without the /add, /delete, or /put options.

/CTL

Adds or deletes CTLs. Displays CTLs when used without the /add, /delete, or /put options.

/delete

Deletes certificates, CTLs, and CRLs from a specified certificate store.

/eencodingType

Specifies the certificate encoding type.

/fdwFlags

Specifies the store open flag. This is the dwFlags parameter passed to CertOpenStore. The default value is CERT_SYSTEM_STORE_CURRENT_USER. This option is considered only if the /y option is used.

/h[elp]

Displays command syntax and options for the tool.

/ncommonName String

Specifies the common name of the certificate to add, delete, or save. This option can only be used with certificates; it cannot be used with CTLs or CRLs.

/put

Saves an X.509 certificate, CTL, or CRL from a certificate store to a file. The file will be saved in X.509 format. The /7 option can be used with the /put option to save the file in PKCS #7 format. The /put option must be followed by either /c, /CTL, or /CRL. The /all option cannot be used with /put.

/rregistry location

Identifies the registry location of the system store. This option is considered only if you specify the /s option. Registry location must be one of the following:

currentUser indicates that the certificate store is under the HKEY_CURRENT_USER key. This is the default

localMachine indicates that the certificate store is under the HKEY_LOCAL_MACHINE key.

/s

Indicates that the certificate store is a system store. If you do not specify this option, the store is a StoreFile.

/sha1sha1Hash

Specifies the SHA1 hash of the certificate, CTL, or CRL to add, delete, or save.

/v

Specifies verbose mode; displays detailed information about certificates, CTLs, and CRLs. This option cannot be used with the /add, /delete, or /put options.

Saves an X.509 certificate, CTL, or CRL from a certificate store to a file.

Certmgr.exe works with two types of certificate stores: StoreFile and system store. It is not necessary to specify the type of certificate store; Certmgr.exe can identify the store type and perform the appropriate operations.

Running Certmgr.exe without specifying any options launches the certmgr.msc snap-in, which has a GUI that helps with the certificate management tasks that are also available from the command line. The GUI provides an import wizard, which copies certificates, CTLs, and CRLs from your disk to a certificate store.

For more information about certificates, see the About CryptoAPI section of the Microsoft Platform SDK documentation.